[gnutls-devel] GnuTLS | Incorrect alert for malformed Client Hello (#659)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Dec 20 20:15:12 CET 2018
New Issue was created.
Issue 659: https://gitlab.com/gnutls/gnutls/issues/659
Author: Hubert Kario
Assignee:
## Description of problem:
When ClientHello compression methods does not include CompressionMethod.null, GnuTLS aborts the connection with handshake_failure alert instead of illegal_parameter
## Version of gnutls used:
435437ad94723612deb1e238379d457b2456d83f
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
local compile on Fedora 28
## How reproducible:
tlsfuzzer `test-invalid-compression-methods.py` from https://github.com/tomato42/tlsfuzzer/pull/489
## Actual results:
handshake_failure alert
## Expected results:
illegal_parameter alert for ClientHello messages that do not include null compression
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/659
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181220/6e707fae/attachment.html>
More information about the Gnutls-devel
mailing list